CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2016/09/25 09:23:37
Modified files:
sys/arch/alpha/alpha: mem.c
sys/arch/amd64/amd64: mem.c
sys/arch/arm/arm: mem.c
sys/arch/hppa/hppa: mem.c
sys/arch/i386/i386: mem.c
sys/arch/m88k/m88k: mem.c
sys/arch/macppc/macppc: mem.c
sys/arch/mips64/mips64: mem.c
sys/arch/sh/sh : mem.c
sys/arch/socppc/socppc: mem.c
sys/arch/sparc64/sparc64: mem.c
sys/kern : kern_sysctl.c
sys/sys : sysctl.h
usr.sbin/acpidump: acpidump.8
usr.sbin/procmap: procmap.1
usr.sbin/pstat : pstat.8
Log message:
Make a move towards ending 4 decades of kernel snooping.
Add sysctl kern.allowkmem (default 0) which controls the ability to open
/dev/mem or /dev/kmem at securelevel > 0. Over 15 years we converted 99%
of utilities in the tree to operate on sysctl-nodes (either by themselves
or via code hiding in the guts of -lkvm).
pstat -d and -v & procmap are affected and continued use of them will
require kern.allowkmem=1 in /etc/sysctl.conf. acpidump (and it's
buddy sendbug) are affected, but we'll work out a solution soon.
There will be some impact in ports.
ok kettenis guenther
